DPA

Data Processing Agreement

Last updated: 2 July 2026.

This Data Processing Agreement summary explains how PracticeComply supports practices that use the service with client personal data.

For client workflow records entered by a practice, the practice is normally the controller and NOCTIS STUDIOS LIMITED acts as processor to provide the portal.

Subject matter

The service processes client compliance workflow data, document requests, uploaded files, task notes, account details and technical data needed to operate the portal.

  • Categories of data subjects may include practice users, clients, company directors, PSCs and client contacts.
  • Categories of personal data may include names, email addresses, business details, uploaded documents, notes and technical logs.

Security measures

PracticeComply uses HTTPS, access-controlled dashboards, protected upload storage, private client portal links and operational access controls suitable for the current product stage.

  • Practices should avoid uploading data that is not needed for the requested workflow.
  • Practices remain responsible for their own client consent, notices and regulatory obligations.

Assistance and deletion

PracticeComply will provide reasonable assistance for data subject requests, security questions, account export or deletion requests made by a practice.

  • Some billing, legal or security records may need to be retained for a limited period.
  • Contact support@practicecomply.co.uk for DPA or deletion requests.